I have a project that has worked well for a company for years but now they want to expand it and offer it to other users. (the back end)

My concern is that the more people know of something, the more attractive to attacks it gets. All user input is validated and the entire site's configuration is password protected. My question is: other than cross-site scripting and malicious user input, what should I be concerned about?

The other part that I am concerned about is the server must accept form data from telemetry units on Verizon's cell network like this:

Excellent idea. Each will have a static IP on our private network from Verizon, so yes, validating by IP will work. I can also pair the ID and IP when we send out the unit, and the chances of someone figuring out the IP and unit ID (non-sequential) are way low!

How about combining the IP with a simple randomized access token? You would generate one for each client that needs access.

Are the URLs hidden? Or publicly viewable? Because if it's the latter, tokens might not do the trick. But generally adding a simple &token=a3bgha133c31faff13f5 to your URL combined with an IP block should keep people out for a long while.

Other than that, you should monitor your server and be aware of server-software level vulnerabilities as well. If you expose an app to the public, those are all things to worry about.
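One way to implement the unit ID, paired IP and per-unit token check discussed in this thread, as an added example that is not code from any poster. The choice of Python, the registry layout, the unit IDs, addresses, tokens and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets


def _digest(token: str) -> bytes:
    # Store and compare SHA-256 digests so raw tokens never sit in the registry.
    return hashlib.sha256(token.encode("utf-8")).digest()


def new_token() -> str:
    """Generate a per-unit random token (160 bits, hex-encoded)."""
    return secrets.token_hex(20)


# Constructed sample registry: unit ID -> (paired static IP, token digest).
# In practice this is filled in when a unit is shipped (hypothetical values).
REGISTRY = {
    "u7f3k9": (ipaddress.ip_address("10.20.0.17"), _digest("a" * 40)),
    "q2m8x1": (ipaddress.ip_address("10.20.0.42"), _digest("b" * 40)),
}
_DUMMY = _digest("")  # compared against when the unit ID is unknown


def authorize(unit_id: str, source_ip: str, token: str) -> bool:
    """Accept only when the unit ID, its paired IP and its token all match.

    source_ip must be the socket peer address seen by the server, not a
    client-supplied header such as X-Forwarded-For.
    """
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    paired_ip, token_hash = REGISTRY.get(unit_id, (None, _DUMMY))
    # Constant-time comparison; it also runs for unknown IDs so that
    # response timing does not reveal which unit IDs exist.
    token_ok = hmac.compare_digest(_digest(token), token_hash)
    return paired_ip is not None and ip == paired_ip and token_ok
```

Sending the token in a POST body or header rather than the query string keeps it out of web server access logs, which matters if the URLs can be seen by anyone else.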
